Data protection

When you use Air France services, notably those available on the website, mobile site, and mobile apps, Air France, who is responsible for handling data, may collect and process your personal data.

Air France is a member company of the group AIR FRANCE-KLM.

Air France and KLM (Amsterdamweg 55, 1182 GPO Amstelveen) are committed to adhering to the regulations concerning the privacy and data security of their passengers, loyalty program members, prospects and users of their websites, mobile sites and mobile apps. All data collected through the Air France website is processed in accordance with all local legislation and the terms laid out in the revised version of the French Data Protection Act of 6 January 1978, and the General Data Protection Act (EU regulation 2016/679) or "GDPR".

The Flying Blue and BlueBiz loyalty programs are offered in conjunction with KLM.

AIR FRANCE and KLM therefore share joint responsibility for processing your data within these programs. Their respective duties with regards to conforming to the data protection regulations are the result of a common accord.

To ensure the proper application of these regulations, Air France has appointed a Data Protection Officer who serves as the official liaison to the French Data Protection Authority (CNIL). Air France has also put in place appropriate internal procedures to raise awareness amongst its employees and ensure the regulations are correctly implemented within the organization.

How is Air France committed to protecting my data?

Air France is committed to ensuring a high level of data protection for its customers, prospects, users of its website, mobile site and mobile apps and all other persons whose data it processes.

Air France is committed to respecting the regulations that apply to all the data it processes. More specifically, Air France commits in particular to the following principles:

Your personal data is processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency).

Your personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation).

Your personal details kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (storage limitation).

Your personal data is accurate, kept up to date, and every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy).

Air France has put in place appropriate technical and organizational measures in order to ensure a sufficiently high level of security in relation to the inherent risk involved in data processing, to meet regulatory demands and to protect the rights and the data of the people concerned from the moment the data is collected.

Moreover, Air France contractually requires that its subcontractors (service providers, suppliers, etc.) implement the same level of data protection.

Finally, Air France is committed to adhering to all other principles related to data protection, and more specifically, pertaining to users' rights, the duration of time that data is stored, as well as obligations regarding the transfer of personal data.

How does Air France use the data it collects?

1. How we collect your data

When you use Air France online services, we receive your data through different channels and more specifically on our websites, our mobile sites and mobile apps, whilst you are browsing, buying or booking online, when you complete an online form, when you sign up to the newsletter, when you create an Air France or Flying Blue account, when you apply for a job position, when you post comments on our social media, when you make contact with Air France or when you send your data to us in any other way.

2. Purpose for data processing and legal grounds

Your personal data is primarily used to enable you book and purchase tickets and for us to provide specific services: transportation, market research, creating customer loyalty, activities, sales information, satisfaction surveys, organizing competitions, new products and services designed to improve customer experience in the airport or during a flight, statistical surveys, recruitment, customer service, handling customer requests and/or complaints, but also to ensure flight safety and security and to combat fraud.

In addition to instances where we received consent from you (notably to communicate personalized offers with you), it is necessary for us to collect your data for the aforementioned purposes:

To enable the fulfillment of the transport contract

To comply with a legal obligation (notably to ensure flight safety, carry out the mandatory immigration processes in conjunction with French or foreign public authorities…)

For legimitate purposes in the interest of Air France (to develop new services and products, improve the loyalty programs, improve customer services...).

More specifically, your data will be used:

to allow you to benefit from services available on the Air France website, mobile site and mobile apps: creation of user accounts, e-newsletters, managing reservations, assistance and claims, managing loyalty programs, etc.

to provide a seamless browsing experience on our websites,

to ensure that the information, notifications, promotions, and other services we provide are suited to your interests,

to be enriched by sharing some information with certain business partners to improve our understanding of your interests so that we can inform you of our latest deals and other forms of personalized services (subject to your prior authorization when requested and with respect to your right to unsubscribe at any time, in accordance with the regulations regarding marketing activities),

In the Air France mobile app, the "Scan passport" feature allows you to enter your required personal information without having to enter it manually. This feature is optional.

In the Air France mobile app, you can access your contacts to fill in the "travel companions" or "Flying Blue enrollment" forms automatically. Your personal information is also filled in automatically. This feature is optional.

Any incident that occurs during the fulfillment of the transport contract and liable to compromise the safety or security of a flight may be recorded and kept on file, be subject to a filed complaint, and result in a travel ban on flights provided by Air France for a duration of 3 years.

For how long is my data stored?

Air France is committed to storing your personal data no longer than necessary for the purpose for which it was processed. Furthermore, Air France stores your personal data in accordance with the retention period imposed by current regulations.

This retention period depends on the purpose for which the data is being processed by Air France and takes into account regulations which impose a specific retention period for certain categories of data, possible time limits as well as CNIL recommendations regarding certain types of data processing (for example, Deliberation n° 2016-264 of 21 July 2016 introduces modifications to this simplified declaration concerning automated data processing related to clients and prospects (NS-048), article L.232-7 about national security with regard to transmitting passenger details to the French authorities, storing cookies for 13 months according to CNIL recommendations...).

Who uses the personal data collected by Air France?

1. Who may use your data

Personal data collected on the Air France website, mobile site and mobile apps may be communicated to authorized Air France personnel, its partners (KLM, SkyTeam, accredited travel agents, transportation companies, car rental companies, hotels, credit card providers, etc.) or to providers of other related services, in order to carry out the services as outlined above.

As outlined by French and international laws and regulations, Air France, as well as any other airline, may be required to communicate personal data to authorized local authorities (customs, immigration, police, etc.) both in France and overseas. For example, this may be necessary in order to complete required immigration formalities and to prevent and combat terrorism and other serious crimes.

In accordance with Article L.237-7 of French Internal Security Code, please be informed that airlines may be required to communicate personal data to authorized booking, check-in and boarding data collected from their passengers (API/PNR) to the French authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014.

2. Data transfer outside the European Union

Some of the parties mentioned above may be located outside the European Union and have access to all or some of the personal data collected by Air France (name, passport number, trip details, etc.) in order to fulfill the transport contract or comply with specific legal requirements.

In this case, Air France guarantees a high level of data protection according to the most stringent rules, with respect in particular to signing contractual clauses, on a case-by-case basis, based on the European Commission template, or other mechanisms in compliance with the GDPR, whenever your personal data is processed by a service provider outside the European Economic Area and whose country is not considered by the European Commission to implement a sufficient level of protection.

How can I exercise my privacy rights?

As outlined in the French “IT security and freedoms” law, you have the right to view, change, delete, or contest any data pertaining to you, as well as to limit, withdraw and refuse the transmission of your personal data.

Furthermore, you have the legal right to decide what happens to your personal data in the case of death.

Moreover, any person under the age of 16 at the time the personal data was collected may request that the data be deleted at the earliest opportunity.

Please provide details including your full name and e-mail address in order for us to be able to identify you, as well as any other relevant information to confirm your identity.

For some services, these rights may be exercised directly on the website (managing your personal account, bookings, loyalty program, etc.).

You also have the right to receive help from the CNIL (Commission Nationale de l'Informatique et des Libertés) in the event of a violation of the regulations regarding Personal Data and, more specifically, the GDPR.

For the Flying Blue and BlueBiz loyalty programs, you can exercise your rights, withdraw consent, or address any questions/complaints, to Air France using the address stated above, or to KLM: KLM Royal Dutch Airlines Privacy Office - AMSPI PO Box 7700 1117 ZL Luchthaven Schiphol The Netherlands E-mail address: KLMPrivacyOffice@klm.com

AIR FRANCE and KLM will take joint action whenever necessary to guarantee your rights, or respond to any questions or complaints.

When you contact our customer service department, your call may be recorded in order for us to improve our service, and to avoid any legal disputes or malicious calls. If you do not wish to be recorded, please inform the agent at the start of the conversation.

You also have the right to refuse for your data to be collected for marketing purposes. When required by law, personal data will only be used for online marketing once your express consent has been obtained.

If you no longer wish to receive the Air France newsletter by e-mail, you can use the unsubscribe link located at the bottom of each message.

If you do not wish to receive offers from Flying Blue and our partners, you can update the communication preferences in your profile by logging in to your
Flying Blue account.

The provision of certain services is dependent upon the collection of personal data (special meals, medical assistance, etc.). You can, of course, exercise the right to oppose the use of this personal data, but you may not be able to benefit from these services as a result.

As stipulated by French and international laws and regulations, failure to provide data or providing incorrect data may result in you being stopped from boarding or refused entry into a foreign country (upon decision by customs authorities, for example), in which case Air France cannot be held responsible.

How are Air France online services connected to social media and my mobile devices?

Air France seeks to continuously improve its electronic services to facilitate access to its customers, potential customers and visitors. The Air France website (and mobile site) notably provides 24-hour access to online booking and ticketing services, as well as Flying Blue services. You can also obtain information about hotel and rental car options, as well as travel insurance provided by our partners.

To simplify the process of creating and connecting to your Air France account, you can link your Air France account to most social media sites. By agreeing to share some personal data, listed on the account authorization page for each social media site, you can optimize your experience on the Air France website. If desired, you can unlink your Air France and social media accounts at any time.

Cookies

In a continued effort to improve the services offered on the website and meet customer expectations, Air France may use “cookies.” These are text files used to identify customers’ devices when accessing Air France services.

The storage of cookies or tracers on your device (desktop computer, tablet, smartphone, etc.) allows Air France to gather information and personal data. Depending on the settings on your device, cookies permit the following:

Cookies enable you to use the major features on the Air France website.

They help us improve our website and detect any bugs you may encounter.

They enable us to remember your choices and preferences and personalize your user interface.

They allow us to gather statistics in order to manage traffic to the website and the use of different sections of the Air France website (visited pages, navigation habits of the user) which allow us to improve the user experience on the website and the services we offer you.

They enable us to track the effectiveness of our marketing campaigns by counting and analyzing the number of sales and clicks associated with our marketing investments.

They show us the content of pages you view, your flight searches, information you chose to share when registering with other website, pages and websites you visited recently.

They allow us to share information with other websites in order to display advertizing content that is interesting and useful to you.

They enable us to share information on social media.

Depending on your browser settings concerning the use of cookies, some tracers may be transmitted or read by third parties (advertising companies, communications agencies, etc.) during your visit to the Air France website.

At any time, you can change your browser settings to manage these cookies. For more information on how Air France uses cookies, please see our
cookie management policy.

IT security / secure transactions

Air France is committed to ensuring the security and privacy of the personal data that you provide us. We implement all necessary technical and organizational measures, with regards to the nature, impact and context of the personal data that you share with us and the risks involved in processing it, in order to protect your personal data and, more specifically, to prevent any corruption, damage, or unauthorized use by third parties, either through accident or criminal activity. You can therefore purchase your ticket on our website with the guarantee that your data is kept confidential and secure.

We provide a secure online payment system using the latest technologies.

Air France is committed to combating online identity theft. For this reason, Air France uses a fraud detection system for payments made by credit or debit card. The system is designed to protect you in case of loss or theft of credit or debit cards.

Everyone has a part to play in data security and privacy. For this reason, we recommend that you avoid communicating passwords to others, and that you log out of your Air France and social media accounts (especially if these accounts are linked) and close your browser window when leaving the Air France website, especially when using a public device to access the internet. This way, other users will not be able to access your personal information.

We strongly advise against communicating any document issued by Air France that contains your personal details (boarding pass, ticket number, etc.) to third parties or posting such documents on social media.

To learn about security best practices, please visit the French-language IT security portal. The general conditions for certain services available on the Air France website, mobile site and mobile apps may contain additional terms relating to the collection and use of personal data.

Finally, Air France has implemented a procedure specifically designed to manage security breaches which allow us to intercept any data breaches, notify the relevant authorities and alert you to the fact that your personal data may have been affected.

Personal data concerning minors

Air France does not gather or process personal data of minors under the age of 16 without prior consent from his or her parents or legal guardian.

If personal data concerning children are gathered via the Air France website, mobile site or mobile apps, their parents or legal guardian have the right to refuse by writing to the address stated at the bottom of this page.

Furthermore, as stated above, any child under the age of 16 at the time the data was collected, may request his or her data to be erased at the earliest opportunity.

Links to other websites

Several pages on the Air France website contain links to access the websites of other companies. We recommend that you read the data privacy policies of these non-Air France websites, as these terms may vary from those on the Air France website. Air France is not responsible for the use of your personal data on these external websites.

Questions

For more information on the entry regulations that apply for your destination country, please go to the
Regulations
section of the website.

For more information on the monitoring program implemented by the US authorities, please visit the following websites:

Contact

For any further questions related to this policy or the way in which Air France processes your personal data, please contact our Data Protection Officer at the following e-mail address: mail.data.protection@airfrance.fr

Modifications

Air France reserves the right to alter its data privacy policy at any time. We recommend that you check the latest version of the policy on a regular basis.